Method and system for managing admission to a network

ABSTRACT

A method and system for managing admission to a network considers the packet delay of the network in making an admission decision. The packet delay of the network is periodically probed. To avoid disturbing or impairing the traffic of the network, a sequence of probing packets is sent to the network at an irregular interval. Responses to the probing packets are analyzed to obtain delay information of the network. If the delay information is insufficient to make an admission decision, then the packet loss rate of the network is measured and considered.

TECHNICAL FIELD

[0001] The invention relates generally to the admission control innetworks, and, more particularly, to admission control based on thepacket delay and packet loss rate characteristics of a network.

BACKGROUND OF THE INVENTION

[0002] In the field of networking, a primary goal of admission controlis to admit the maximum amount of data possible. For real-time servicesthat do not have stringent requirements for loss rates or delay times,such as multimedia streaming and interactive gaming, Measurement-BasedAdmission Control (MBAC), which bases admission decision on themeasurement of the dynamic traffic load of the network, has beenrecognized as an appropriate and efficient admission control mechanism.Several proposed MBAC algorithms measure the available bandwidth of anetwork in making an admission decision.

[0003] Recently, a technique known as endpoint admission control hasbeen proposed. According to the technique, a gateway responds to arequest for admission to a network by first probing the network withtest packets and listening for responses to the packets. The gatewaythen determines, based on the responses, the packet loss rate of thenetwork. If the packet loss rate is above an acceptable level, then therequest is denied.

SUMMARY OF THE INVENTION

[0004] The present invention is directed to a method and system formanaging admission to a network, in which the packet delay and packetloss rate of the network are considered in making an admission decision.To determine the packet delay of the network, groups of probing packetsare sent to a remote node. The remote node responds with echoed versionsof the probing packets. The responses are analyzed to determine thetotal travel time of the probing packets and, based on the total traveltime, the current delay conditions. If the packet delay of the networkis insufficient to make an admission decision, then the packet loss rateof the network is also measured and considered.

[0005] By taking into account both the packet delay status of a networkas well as the packet loss rate, the present invention allows admissioncontrol systems to detect the fluctuating conditions of the network morequickly and sensitively without overloading the network.

[0006] Additional features and advantages of the invention will be madeapparent from the following detailed description of illustrativeembodiments that proceeds with reference to the accompanying figures.

BRIEF DESCRIPTION OF THE DRAWINGS

[0007] While the appended claims set forth the features of the presentinvention with particularity, the invention, together with its objectsand advantages, may be best understood from the following detaileddescription taken in conjunction with the accompanying drawings ofwhich:

[0008]FIG. 1 is an example of a computer on which various embodiments ofthe invention may be implemented;

[0009]FIG. 2 is an example of a network environment in which variousembodiments of the invention may be implemented;

[0010]FIG. 3 illustrates an example software architecture according toan embodiment of the invention;

[0011]FIG. 4 is a structural schematics showing components of a packetdelay probing module according to an embodiment of the invention;

[0012]FIG. 5a, and FIG. 5b are examples of cumulative probabilitydistribution plots for the delay shape;

[0013]FIG. 6 is an example of steps that may be executed in making anadmission decision;

[0014]FIG. 7 is an example of steps that may be executed in carrying outstep 350 of FIG. 6; and

[0015]FIG. 8 is an example of steps that may be executed in carrying outstep 350 of FIG. 6.

DETAILED DESCRIPTION OF THE INVENTION

[0016] The invention is generally directed to a method and system formanaging admission to a network, in which the packet delay beingexperienced by the network is measured and taken into account. Invarious embodiments of the invention, cumulative probabilitydistribution plots of the packet delay during conditions of high packetloss and low packet loss are created and juxtaposed to find a thresholdvalue. The threshold value is used to derive upper and lower cut-offvalues for acceptable packet delay. The current delay state of thenetwork is compared to these cut off values to determine whether or notto admit new packets to the network. If the packet delay measurementsare not sufficient to make a decision, then the invention also measuresand takes into account the packet loss rate of the network.

[0017] Although it is not required, the present invention may beimplemented using instructions, such as program modules, that areexecuted by a computer. Generally, program modules include routines,objects, components, data structures and the like that performparticular tasks or implement particular abstract data types. The term“program” includes one or more program modules.

[0018] The invention may be implemented on a variety of types ofmachines, including cell phones, personal computers (PCs), hand-helddevices, multi-processor systems, microprocessor-based programmableconsumer electronics, network PCs, minicomputers, mainframe computersand the like. The invention may also be employed in a distributedsystem, where tasks are performed by components that are linked througha communications network. In a distributed system, cooperating modulesmay be situated in both local and remote locations.

[0019] Referring to FIG. 1, an example of a basic configuration for acomputer on which the system described herein may be implemented isshown. In its most basic configuration, the computer 100 typicallyincludes at least one processing unit 112 and memory 114. Depending onthe exact configuration and type of the computer 100, the memory 114 maybe volatile (such as RAM), non-volatile (such as ROM or flash memory) orsome combination of the two. This most basic configuration isillustrated in FIG. 1 by dashed line 106. Additionally, the computer mayalso have additional features/functionality. For example, computer 100may also include additional storage (removable and/or non-removable)including, but not limited to, magnetic or optical disks or tape.Computer storage media includes volatile and non-volatile, removable andnon-removable media implemented in any method or technology for storageof information such as computer readable instructions, data structures,program modules, or other data. Computer storage media includes, but isnot limited to, RAM, ROM, EEPROM, flash memory or other memorytechnology, CD-ROM, digital versatile disk (DVD) or other opticalstorage, magnetic cassettes, magnetic tape, magnetic disk storage orother magnetic storage devices, or any other medium which can be used tostored the desired information and which can be accessed by the computer100. Any such computer storage media may be part of computer 100.

[0020] Computer 100 may also contain communications connections thatallow the device to communicate with other devices. A communicationconnection is an example of a communication medium. Communication mediatypically embodies computer readable instructions, data structures,program modules or other data in a modulated data signal such as acarrier wave or other transport mechanism and includes any informationdelivery media. By way of example, and not limitation, communicationmedia includes wired media such as a wired network or direct-wiredconnection, and wireless media such as acoustic, RF, infrared and otherwireless media. The term computer readable media as used herein includesboth storage media and communication media.

[0021] Computer 100 may also have input devices such as a keyboard,mouse, pen, voice input device, touch input device, etc. Output devicessuch as a display 116, speakers, a printer, etc. may also be included.All these devices are well known in the art and need not be discussed atlength here.

[0022] An example of a network system in which embodiments of theinvention may be implemented is described with reference to FIG. 2. Thenetwork system comprises computers 100, 101 and 102 communicating with anetwork 150, represented by a cloud. The computer 100 is assumed to be agateway, server or similar device through which the computers 101 and102 can communicate with the network 150. The network 150 may includemany well-known components, such as routers, gateways, hubs, etc.

[0023] In accordance with an embodiment of the invention, a computeruser, for example, user 101 a of computer 101 or a user 102a of computer102 may execute a program that requests permission to send or receive adata flow (containing data packets) to or from the network 150. Thecomputer 100 is responsible for determining whether or not to grant therequest based on the traffic conditions of the network 150. In general,if the traffic on the network 150 does not allow the requesting programto receive a Quality of Service (QoS) that is sufficient for the type ofdata to be sent or received, the request is rejected. Otherwise, therequest is granted.

[0024] Referring to FIG. 3, an example of an architecture forimplementing the invention is shown. In its most basic configuration,the admission control system, generally labeled 200, is communicativelylinked to the network 250 and to a local area network (LAN) 248. Inresponse to a request from a device on the LAN 248 for packets be sentor received to or from the network 250, the admission control system 200determines whether to grant the request based on the traffic conditionsof the network 250.

[0025] The admission control system 200 (FIG. 3) comprises an admissiondecision module 210, a delay analysis module 230, a loss rate analysismodule 220, and a probing and testing module 240. The probing andtesting module 240 sends and receives probing packets to measure thedelay being experienced by packets as they travel over the network 250.The probing and testing module 240 also sends testing packets over thenetwork 250 to determine the packet loss rate of the network 250. Whenresponses to the probing packets are received, the delay analysis module230 analyzes the responses to calculate delay parameters. Similarly,when responses to the testing packets are received, the loss rateanalysis module 220 analyses the responses to calculate packet loss rateparameters. The admission decision module 210 detects requests from theLAN 248 for access to the network 250. The admission decision module 210makes admission decision based on the delay parameters and loss rateparameters.

[0026] According to an embodiment of the invention, the admissioncontrol system 200 uses the packet delay—i.e. the amount of delay beingexperienced by packets traveling over the network to a remote node246—as a criterion to make an admission decision. The probing andtesting module 240 periodically sends groups of probing packets andreceives responses that are used to measure the network delay. Toprevent the probing packets themselves from impacting the networktraffic, the probing packets are transmitted at an irregular interval.In one implementation, the probing packets are sent at an exponentialinterval, with a typical average of 1 or 2 seconds between packets. Thishelps prevent the probing packets from introducing synchronizationeffects in the network In an embodiment of the invention, each probingpacket sent by the probing and testing module 240 is a “PING” packet. Asis well-known in the art, a computer that receives a “PING” packet isexpected to copy the contents of the packet and send an echoed versionof the “PING” packet back to the sender. Each “PING” packet has an indexnumber that is included in the corresponding echoed response. Thisallows a “PING” sender to know which “PING” is being responded to.

[0027] Referring again to FIG. 3, the probing packets are sent by theprobing and testing module 240 to the remote node 246. The remote node246 generates responses to the probing packets. These responses arereceived by the probing and testing module 240, which determines theround trip travel time for each probing packet. The round trip traveltime is the interval of time between the transmission of a probingpacket and the receipt of a response to the probing packet. The probingand testing module 240 sends data representing the results of theprobing packet transmissions, such as the round trip travel times and anindication of how many probing packets were lost (referred to as probingpacket data) to the packet delay analysis module 230. The packet delayanalysis module 230 calculates the queuing delay for each probingpacket. The queuing delay represents the total amount of time that theprobing packet was forced to wait at each intermediate node whiletraveling to and from the remote node 246. The queuing delay for apacket is calculated by subtracting the propagation delay (the time thepacket actually spent traveling over the network) from the round triptravel time. The propagation delay can be approximated by usinghistorical data. For example, the minimum delay experienced by PINGpackets over a period of one day or one week may be used to approximatethe propagation delay. The delay analysis module 230 also calculates aset of delay parameters for the network 250. These parameters include acurrent delay shape (D_(C)), an expected delay shape (D_(E)), a delayshape threshold (D_(TH)), a delay shape-high (D_(H)) and a delayshape-low (D_(L)). The nature of these parameters and an example of howto calculate them will be described below in further detail.

[0028] Referring again to FIG. 3, the delay analysis module 230 sendsthe calculated delay parameters to the admission decision module 210,which analyzes the delay parameters to determine whether or more data isneeded to make an admission decision. If the delay parameters are not,by themselves, sufficient to make an admission decision, then theadmission decision module 210 instructs the probing and testing module240 to send testing packets to the remote node 246 to test the packetloss rate of the network 250. The testing packets, like the probingpackets, may be “PING” packets. The responses to the testing packets arereceived by the probing and testing module 240. The probing and testingmodule 240 determines which testing packets were lost and sends datarepresenting the number of packets that were sent and the number ofpackets that were lost (referred to as packet loss data) to the lossrate analysis module 220. The loss rate analysis module 220 calculatesloss rate parameters based on the data received from the probing andtesting module 240. These include the current loss rate (L_(C)) of thetesting packets and the maximum acceptable or threshold loss rate(L_(TH)). The loss rate analysis module 220 sends the loss rateparameters to the admission decision module 210. If needed, theadmission decision module 210 can take into account the packet loss rateL_(C) and compare it to the threshold loss rate L_(TH) to help it make adecision as to whether or not data packets from the LAN 248 arepermitted to enter the network 250.

[0029] An example of modules used to implement the functions of thedelay analysis module 230 (FIG. 3) is shown in FIG. 4. In this example,the delay analysis module 230 includes a delay shape generation module231, a network state estimation module 232 and a network state database233. The delay shape generation module 231 calculates the queuing delayfor each probing packet for which a response was received by the probingand testing module 240. The delay shape generation module 231 uses thequeuing delays that were calculated for each group of probing packets tocalculate delay parameters, including the current delay shape (D_(C)),the estimated delay shape (D_(E)), the delay shape-threshold (D_(TH)),the delay shape-high (D_(H)), and the delay shape-low (D_(L)). The delayshape generation module 231 also stores values for the current delayshape D_(C) in the network state database 233 for the purpose ofsubsequently generated cumulative probability distribution plots, suchas those shown in FIG. 5a and discussed below. The module 231 sends thedelay parameters to the network state estimation module 232. The networkstate estimation module 232 uses the delay parameters to estimate thecurrent delay conditions of the network as well as the expected futuredelay conditions of the network. The network state estimation module 232stores data representing the estimated network delay and the estimatedfuture delay in the network state database 233.

[0030] Although the probing and testing module 240 (FIG. 3) need nottransmit probing packets in groups, the delay analysis module 230analyzes the results of the probing packet transmissions by consideringthe probing packets in groups. For example, the current delay shapeD_(C) of the network 250 is defined by the delay analysis module 230 asthe average delay minus the minimum delay for a group of probingpackets. According to an embodiment of the invention, the number ofprobing packets in each group is less than ten, e.g. three packets pergroup or five packets per group. In various embodiments of theinvention, the delay shapes of many groups of probing packets are usedto create cumulative probability distribution plots. These plots arethen used to derive the delay shape threshold (D_(TH)). The delay shapethreshold (D_(TH)) is a point at which the delay shape of the network ina congested state equals the delay shape of the network in anuncongested state. The delay shape-high represents the highestacceptable delay shape for the network, while the delay shape-lowrepresents the lowest acceptable delay shape for the network. The delayshape-high and delay shape-low parameters may be determined, at least inpart, by settings put into place by an administrator of the LAN 248(FIG. 3).

[0031] An example of how the delay shape (D) and delay shape threshold(D_(TH)) parameters are calculated in an embodiment of the inventionwill now be described. As previously discussed, D is equal to theaverage delay experienced by packets minus the minimum delay. In oneimplementation, for example, the probing and testing module 240 (FIG. 3)transmits probing packets at exponential intervals to the remote node246 and listens for echoed responses. For those probing packets to whichresponses are received, the probing and testing module 240 calculatesthe round trip times (the time interval between the sending of eachprobing packet and the receipt of the echoed response), and reportsthose round trip times to the delay analysis module 230. For every five(5) probing packets to which responses have been received, the delayanalysis module 230 calculates the average queuing delay and subtractsthe minimum queuing delay to arrive at a value for D. The delay analysismodule 230 also records numerous delay values and, when a statisticallysignificant number of values are recorded, calculates cumulativeprobability distributions for the delay values.

[0032] Referring to FIGS. 5a and 5b, example cumulative probabilityplots of the kind that are created by the delay analysis module 230(FIG. 3) are shown. Each plot, labeled 260 and 262 respectively, isrendered on an x-axis and a y-axis. The x-axis of each plot representsvalues for the delay shape on a semi-logarithmic scale, while the y-axisrepresents cumulative probability values. The plot 260 represents thedelay state of the network when it is relatively unloaded, such as whenthe packet loss rate is less than 1%. This state is also referred toherein as “state 0.” The values on the y-axis of the plot 260 are equalto one minus the cumulative probability (1−p) for each correspondingdelay shape on the x-axis. For example, the point B on the plot 260 isone minus the cumulative probability that a group of packets hasexperienced a delay shape of 1.0 milliseconds. In the case of point B,this value (1−p) is about 0.7.

[0033] The plot 262 (FIG. 5a) represents the delay state of the network250 (FIG. 3) when it is relatively loaded, such as when the packet lossrate is greater than or equal to 1%. This state is also referred toherein as “state 1.” The plot 262 represents the cumulative probabilityof the occurrence of various delay shapes. For example, the point C onthe plot 262 is the cumulative probability that a group of packets hasexperienced a delay shape of 10.0 milliseconds. In the case of point B,the probability p is about 0.4.

[0034] In FIG. 5a, it can be seen that when the plots 260 and 262 arejuxtaposed, they cross at a crossing point A which, in this example,corresponds to a delay shape of about 7.9 milliseconds, and a cumulativeprobability of about 0.25. At point A, the cumulative probabilities forpackets having a delay shape of 7.9 milliseconds in network states “0”and “1” are identical. The delay shape at point A—7.9 milliseconds—isreferred to as the delay shape threshold (D_(TH)).

[0035] To further illustrate the delay shape-threshold, FIG. 5billustrates the evolution of the delay shape over an interval of time,wherein the interval of time starts at 10:00 AM and ends at 12:00 noon.In FIG. 5b, the delay shape-threshold in FIG. 5a is represented bydotted line. It can be seen that the delay shape-threshold partitionsthe delay shape curve vs. time. The delay shape of the network between10:00 AM and 11:00 AM is generally less than the threshold 7.9, whereas,the delay shape of the network between 11:00 AM and 12:00 AM isgenerally higher than the threshold 7.9. As shown in FIG. 5b, thecondition of the network 250 changes dynamically, and the delay shapethreshold helps to quantify the dynamic nature of the network delaystate.

[0036] An example of how the delay shape-high (D_(H)) and delayshape-low (D_(L)) parameters are calculated in an embodiment of theinvention will now be described. The delay shape-high parameter D_(H)can be calculated as follows:

D _(H) =α×D _(TH)

[0037] where α represents an acceptable balance between efficientresource utilization and the quality of service required by the newtraffic that is requesting entry into the network. While the value of αcan be set and adjusted according to the results of previous groups oftransmitted probing packets, it is known that α may be set equal to avalue of one (1) in the simplest case, so that D_(H) is equal to D_(TH).Similarly, the delay shape-low parameter D_(L) can be calculated asfollows:

D _(L) =β×D _(H)

[0038] where β represents a trade-off between making a quick decisionand making a correct one. While the value of β can be set and adjustedaccording to the results of previous probing packets, it is known that,in the simplest case, β may be set equal to a value of 0.8, so thatD_(L) is equal to (0.8)D_(H)=(0.8)D_(TH).

[0039] Referring FIG. 6, an example of a procedure that may be followedby the admission decision module 210 (FIG. 3) in deciding whether or notto allow new packets to enter the network from the LAN 248 will now bedescribed. The decision making procedure starts at step 300, in whichthe admission decision module 210 determines whether the current delayshape D_(C) is higher than the delay shape-high D_(H). If so, therequest to enter the network is rejected at step 340.

[0040] If, at step 300, the current delay shape is lower than or equalto the delay shape-high, the procedure continues at step 310. At step310, the admission control module 210 determines whether the currentdelay shape is higher than the delay shape-low D_(L). If so, this meansthat the current delay shape is between the delay shape-high and delayshape-low, and that the packet delay data is not sufficient to make aproper admission decision. The packet loss rate data then needs to beanalyzed and the procedure continues at step 320. If the result isnegative at step 310, the procedure continues at step 350.

[0041] At step 320, the admission decision module 210 obtains the L_(C)parameter from the probing and testing module 240. At step 330, theadmission decision module 210 determines whether the current delay shapeD_(C) is lower than the delay shape threshold D_(TH) and whether thecurrent packet loss-rate L_(C) is less than the packetloss-rate-threshold L_(TH). If both of these conditions are true, thenthe request to enter the network is granted at step 370. Otherwise, therequest is rejected at step 340.

[0042] If, at step 310 (FIG. 5), it is determined that the current delayshape is lower than the delay shape-low, suggesting that the network mayaccommodate new data packets, then the procedure continues at step 350.At step 350, the admission decision module 210 (FIG. 3) estimates thefuture delay shape of the network, represented by D_(E). At step 360,the admission decision module 210 determines whether the D_(E) is lowerthan the delay shape-low D_(L). If so, the request to enter the networkis granted at step 370. Otherwise, the process continues to step 380, atwhich the admission decision module 210 sets the current delay shape asthe average of the delay shape-high D_(H) and delay shape-low D_(L). Theprocedure then continues at step 320 and step 330 as previouslydescribed.

[0043] In testing the packet loss rate and packet loss rate threshold atstep 320 in FIG. 6, further steps may be performed. FIG. 7 shows anexample of such steps. In keeping with an embodiment of the invention,the packet loss rate data is utilized only when the delay shape data isnot adequate for making a proper admission decision. Accordingly, theprocess of testing the packet loss rate parameters is initiated by aninstruction sent from the admission decision module 210 (FIG. 3) to theprobing and testing module 240 at step 321. Upon receiving theinstruction, the probing and testing module 240 sends testing packets tothe remote node 246 via the network 250 at step 322. The testing packetsare sent at the same rate as that required by the data traffic for whichentry is being requested. At step 323, the packet loss rate analyzer 220analyzes the responses to the test packets to calculate the currentpacket loss rate L_(C). According to one embodiment, the packet lossrate is equal to 100%×N/1000, wherein 1000 testing packets are sent andwherein N is equal to the number of packets lost.

[0044] In estimating the expected delay D_(E) shape at step 350 in FIG.6, further steps may be performed, as shown in FIG. 8. At step 351, itis assumed that the distribution of the network is${{A(t)} = {\sum\limits_{i = 1}^{n}{X_{i}(t)}}},$

[0045] wherein X_(i)(t) represents independent individual packets. It isalso assumed each packet or set of packets can be considered anindependent identical stochastic process. When the traffic number islarge, the stationary bandwidth distribution of the network traffic isGaussian distribution according to the Central Limit Theory, and has amean μ₀, and a variance σ². The distribution may then be written as:N(μ₀, σ²).

[0046] At step 352, the expected delay shape D_(E) is defined asD_(E)=D_(C)+ΔD wherein ΔD denotes the expected change of the currentdelay after the new packets from the LAN 248 are admitted to the network250 (FIG. 2). At step 353, the expected change of the delay ΔD iscalculated. ΔD is based on the expected impact that sending the newpackets to the network will have on the delay being experienced by thenetwork. There are generally two aspects to consider in this regard.First, the new packets will be appended to the various queues in thenetwork 250, thus increasing the queuing delay. And second, the newpackets will increase the probability of queuing delays in the network250. For example, if the new data packets comprise a data flow of S, areto be sent at a rate of R and the network linking capacity is C, thenthe increase in queuing length expected to be caused by the new dataflow can be estimated as S/C. Given the Gaussian distribution function,the impact on the queuing probability of the new data flow can beestimated as: P_(n  e  w) = ∫_(−R/C)^(∞)p_(A)(x)x,

[0047] wherein P_(new) is the queuing probability after introducing thenew data flow to the network, p_(A)(X) is the bandwidth distribution ofthe traffic in accordance with the Gaussain traffic distribution. Fromthe equation of P_(new), it can be further deduced that,P_(n  e  w) = ∫_(−R/C)^(∞)p_(A)(x)x < ∫_(i)^(∞)p_(A)(x)x + R/C = P₀ + R/C.

[0048] Therefore, P_(new) approximates P₀+R/C. Consequently, theexpected round-trip delay of the network D_(E) can be estimated asD_(E)=D_(C)+2(P₀+R/C)×S/C.

[0049] It can thus be seen that a new a useful method and system formanaging the admission of data to a network has been provided. In viewof the many possible embodiments to which the principles of thisinvention may be applied, it should be recognized that the embodimentsdescribed herein with respect to the drawing figures is meant to beillustrative only and should not be taken as limiting the scope ofinvention. For example, those of skill in the art will recognize thatthe elements of the illustrated embodiments shown in software may beimplemented in hardware and vice versa or that the illustratedembodiments can be modified in arrangement and detail without departingfrom the spirit of the invention. Therefore, the invention as describedherein contemplates all such embodiments as may come within the scope ofthe following claims and equivalents thereof.

What is claimed is:
 1. A method for managing the admission of data to anetwork, the method comprising: receiving a request for a flow of datato be admitted to the network; determining the amount of delay beingexperienced by the network; determining the rate at which data is beinglost in the network; and deciding whether or not to grant the requestbased on the determined amount of delay and on the determined data lossrate.
 2. A computer-readable medium having stored thereoncomputer-executable instructions for performing the method of claim 1.3. The method of claim 1, further comprising: transmitting packets to aremote node over the network; and receiving from the remote noderesponses to the transmitted packets, wherein the step of determiningthe amount of delay being experienced by the network comprisesdetermining, based on at least some of the responses, the amount ofdelay being experienced by the network, and wherein the step ofdetermining the rate at which data is being lost by the networkcomprises determining, based on at least some of the responses, the rateat which data is being lost by the network.
 4. The method of claim 1,further comprising estimating the amount of additional delay that thenetwork will experience if the flow of data is admitted to the network,wherein the step of determining whether or not to grant or deny therequest is further based on the estimated amount of additional delay. 5.The method of claim 1, further comprising: if the delay beingexperienced by the network exceeds a maximum acceptable delay and therate at which data is being lost in the network exceeds a maximumacceptable rate, denying the request.
 6. The method of claim 1, furthercomprising: comparing the delay being experienced by the network with anupper limit and with a lower limit; if the delay being experienced bythe network is above the upper limit, denying the request; if the delaybeing experienced by the network is below the lower limit, granting therequest; and if the delay being experienced by the network is betweenthe upper and lower limit, performing the steps of: determining whetherthe loss rate of data by the network is above an acceptable limit; andif the loss rate is above the acceptable limit, deny the request; if theloss rate is below the acceptable limit, granting the request.
 7. Amethod for managing the admission of data to a network, the methodcomprising: transmitting a plurality of groups of probing packets to aremote node in the network; receiving responses to at least some of theprobing packets in at least some of the plurality of groups, theresponses being echoed versions of the probing packets; calculating anaverage queuing delay for each group of packets, the average queuingdelay representing the average amount of time that the packets in thegroup and the echoed versions thereof had to spend queued atintermediate nodes in the network on their way to and on their way backfrom the remote node; determining a minimum queuing delay time for eachgroup of transmitted packets, the minimum queuing delay timerepresenting the minimum amount of time that any of the packets in thegroup and the echoed versions thereof had to spend queued atintermediate nodes in the network on their way to and on their way backfrom the remote node; calculating a plurality of delay shapes, includinga delay shape for each group of probing packets sent over the timeinterval, the delay shape representing the difference between theaverage delay time and the minimum delay time for the group; creating afirst cumulative probability plot from the calculated delay shapes, thefirst cumulative probability plot representing the cumulativeprobability of achieving various delay shape values when the network isrelatively loaded; creating a second cumulative probability plot fromthe calculated delay shapes, the second cumulative probability plotrepresenting the cumulative probability of achieving various delay shapevalues when the network is relatively unloaded; juxtaposing the firstand second plots so that the first and second plots intersect at anintersection, the intersection corresponding to a delay shape value; anddetermining whether or not to admit a data flow to the network based onthe delay shape value corresponding to the intersection.
 8. Acomputer-readable medium having stored thereon computer-executableinstructions for performing the method of claim
 7. 9. The method ofclaim 7, wherein the step of creating a first cumulative probabilityplot further comprises: creating the first cumulative probability plotfrom delay shapes that are calculated based on probing packet groupstransmitted when the network has a packet loss rate below one percent;and creating the second cumulative probability plot from delay shapesthat are calculated based on probing packet groups transmitted when thenetwork has a packet loss rate above one percent.
 10. The method ofclaim 7, wherein each point of the first cumulative probabilitydistribution plot is associated with a delay shape on a first axis andwith a probability on a second axis, the probability being equal to acumulative total of one minus the probability of the occurrence of eachof the preceding delay shapes on the first axis.
 11. The method of claim7, wherein each point of the second probability distribution plot isassociated with a delay shape on a first axis and with a probability ona second axis, the probability being equal to a cumulative total ofprobability of the occurrence of each of the preceding delay shapes onthe first axis.
 12. The method of claim 7, wherein the transmitting stepis performed on a periodic basis, and wherein the step of determiningwhether or not to admit a data flow to the network is performed inresponse to a request to have a data flow be admitted to the network.13. The method of claim 7, wherein the delay shape value to which theintersection corresponds is a delay shape threshold value, the methodfurther comprising: computing a delay shape-high value, the delayshape-high value representing an acceptable upper limit for the delayshape; comparing the delay shape calculated from the most recentlytransmitted group of probing packets with the delay shape-high value;and if the delay shape calculated from the most recently transmittedgroup of probing packets is higher than the delay shape-high value,denying admission of the flow of data to the network.
 14. The method ofclaim 13, wherein the delay shape-high value is equal to a product ofthe delay shape threshold and a numerical value, the numerical valuerepresenting an acceptable balance between efficient resourceutilization and the quality of service required by the a program that isrequesting that the data be admitted to the network.
 15. The method ofclaim 7, wherein the delay shape value to which the intersectioncorresponds is a delay shape threshold value, the method furthercomprising: comparing the delay shape calculated from the most recentlytransmitted group of probing packets with the delay shape thresholdvalue; and if the delay shape calculated from the most recentlytransmitted group of probing packets is higher than the delay shapethreshold value, denying admission of the flow of data to the network.16. The method of claim 7, wherein the delay shape value to which theintersection corresponds is a delay shape threshold value, the methodfurther comprising: computing a delay shape-low value, the delayshape-low value representing ceiling for delay shape values that aautomatically acceptable; comparing the delay shape calculated from themost recently transmitted group of probing packets with the delayshape-low value; and if the delay shape calculated from the mostrecently transmitted group of probing packets is lower than the delayshape-low value, admitting the flow of data to the network.
 17. Themethod of claim 16, wherein the delay shape-low value is equal to aproduct of the delay shape threshold and a numerical value, thenumerical value representing an acceptable trade-off between making aquick decision regarding admission of data to the network and making acorrect decision.
 18. The method of claim 7, wherein the delay shapevalue to which the intersection corresponds is a delay shape thresholdvalue, the method further comprising: computing a delay shape-low value,the delay shape-low value representing ceiling for delay shape valuesthat a automatically acceptable and being equal to about 0.8 times thedelay shape threshold value; comparing the delay shape calculated fromthe most recently transmitted group of probing packets with the delayshape-low value; and if the delay shape calculated from the mostrecently transmitted group of probing packets is lower than the delayshape-low value, admitting the flow of data to the network.
 19. A systemfor managing the admission of data to a network, the system comprising:a computer executing modules comprising: a delay analysis module thatcompiles statistical data regarding how long packets are taking totravel on the network; a loss rate analysis module that compilesstatistical data regarding the rate of loss of packets that are sent outto the network; and an admission control module that receives requestsfor the admission of data flows to the network, and decides whether toadmit or reject the requests based on the statistical data compiled bythe delay analysis module and the loss rate analysis module, wherein theadmission control module: rejects the requests if the current packetdelay of the network is higher than an upper limit; grants the requestsif the current packet delay of the network is less than the expecteddelay rate of the network; and if the current packet delay is betweenthe upper limit and the expected value, relies on the packet loss rateof the network to determine whether or not to grant the requests. 20.The system of claim 19, wherein the computer further executes a probingand testing module for sending and receiving packets to and from thenetwork to obtain packet delay measurements for the network and thepacket loss rate measurements for the network.